Support Center

Please check docs.livewhale.com for the most up-to-date LiveWhale CMS and LiveWhale Calendar documentation. The below legacy documentation will remain available as a reference until the documentation migration is complete.

How to Check User Authorizations

Last Updated: Jun 26, 2014 06:49AM PDT

Beginning in LiveWhale 1.5.0, we broke user permissions out into a number of individual settings that are more granular. For instance, in the prior schema, there was no easy way to determine if the user has also been granted the ability to Edit Source of a page—that’s now available.

The role-based authorizations mirror the options available when editing a user in 1.5. They are:

Make edits to public webpages: pages_edit

Edit dynamic content: core_edit

Publish dynamic content: core_publish

Add, edit, and delete pages and navigations: pages_manage

View sitewide activity stream: core_activity

Manage content for other groups: core_switch

Manage globally shared content: core_globals

Manage content submitted by public users: core_submissions

System administrator (catch-all): core_admin

Manage groups and users: core_groups

Show file browser: pages_browse

Edit raw page source code: pages_source

Use the following to check the current user’s authorizations:

if ($_LW->userSetting('core_admin')) { … // only admins can do this

The userSetting method requires the role, and optionally accepts two additional parameters.

If you need to check the setting for a user other than the current user, you can use the optional $uid parameter. If you’d like to change an authorization value for a user, append the third parameter $value_to_assign, which should be true or false only. If you’re assigning this value for the currently logged-in user, pass boolean FALSE as the $uid.

Finally, when creating data modules, you can add your own authorization roles. You should follow the naming schema above if at all possible, where the first word is the name of your module and the second a term specific to the authorization.

Deprecation Note: Previous to LiveWhale 1.5.0, the simpler user permissions model was stored entirely in the $_SESSION. For those who have code dating to this time, you can still check the $_SESSION is_admin for now, but migrate when possible. It’s there to maintain backwards compatibility for your custom modules during this conversion. The $_SESSION setting uses the the new permissions, so it already returns the same result as the newer model above.